Another thing ClamWin turned up (this time when I used it to scan my thumb drive) was a dinosaur-aged email worm.

E:\\Programs\\Thunderbird\\Data\\profile\\
Mail\\[EMAIL-DOMAIN]\\Inbox: Mid.Kakworm-Z FOUND

And I do mean prehistoric. Symantec says a version of it was discovered in 1999, and Sophos has protected users against it since 2001.

As it turns out, 2001 was when it actually arrived in my Inbox. (Yes, my Thunderbird profile is that old. It predates Thunderbird.) As to how I figured that out, more in a bit.

Fortunately, again, this virus hadn’t exploded yet. In this case, it couldn’t; it spreads via Microsoft Outlook, which I don’t use. Nyah. And the vulnerability which Kakworm exploits has been patched long since. But I wanted the dang thing gone regardless. I like clean “0 files infected” anti-virus reports. Unfortunately, as the virus hadn’t actually exploded, there was nothing for a Kakworm-removal tool to do.

So I went hunting around, and discovered two things I hadn’t yet known about Thunderbird.

Thing #1: Inbox is a text file.
Via and Thanks: This post by Jake Dodd at the PC Review Forums

Newly empowered by Mr. Dodd’s insistence that the Inbox is plain old ASCII, I revved up EditPlus (which, unlike Notepad, can handle huge-axe text files) and searched for kak.hta as suggested. I found it in a signature block that appeared associated with the email body immediately preceding it, whose headers declared it from March 20, 2001. Awesome. I fired up Thunderbird, searched for that date, located the particular email, and deleted it. Emptied the trash. Closed Thunderbird down and scanned my thumb drive again.

And still got a report of Kakworm in my Inbox!

Opening Inbox yet again, I found that the 8 occurrences of kak.hta were still present. So this time I took note of the email header immediately following the offending signature block. Just in case. And yes, I emptied the trash. Again.

Nope. Night of the Living Dead Email, no dawn in sight.

Google time again.

Thing #2: Thunderbird retains deleted email until folders are next compacted.
Via and Thanks: The wonderful Geek-o-pedia and Daifne @ the MozillaZine forums

The authors of these posts were actually trying to recover deleted email, not 86 it. But their solution was the same as mine: Until you let Thunderbird compact its folders, deleted email continues to take up rows in Inbox, differentiated from “living” email only in the “X-Mozilla-Status” code number. If you want the email back, apparently you’ve only to change those numbers to 0000. (And do a couple other things. Follow Geek-o-pedia’s instructions and all will be well.)

Or if you want that email gone, as I did, run Compact Folders from the File menu.

Voila! Squeaky clean.